How to Secure your Data
Mattias Acosta
Revolutionizing Workflows with AI Systems | IBM Solutions Engineer | Systems Architect
A world that leverages data to do just about everything needs infrastructure. The most competitive companies of our time use software to power their business operations.
Enter high-performance computing devices, on-premises data centers, and clouds (AWS, Azure, GCP). These come with operating systems and, in some cases, resources partitioned for particular applications. As you scale up the number of servers and storage systems, the distribution of your organization’s data becomes hard to track: data easily gets lost in oceans of servers and storage arrays. If your data is sensitive, or must comply with strict regulations, you need a comprehensive and complete catalog of your company’s data. You also need strong protections and configurations to prevent breaches and ransomware. As attackers continuously organize to hack organizations, freeze operations, steal data, and make money, cybersecurity becomes a necessity instead of a luxury: it is what lets you stay operational in the modern world.
IBM specializes in protecting data. Here is my summary of the framework that IBM uses to enable companies to execute sound Data Security. It can be summarized in five steps:
Discover: find all instances of sensitive data everywhere
Discover and catalog where all of your data is. Understand where sensitive data lives across your organization, know every piece of infrastructure, and track it continuously. Once you know where it all is, classify it. Know what types of data you have: do you hold health-related information? Names, addresses, and Social Security numbers (SSNs)? Unstructured stores full of sensitive medical documents? Structured databases feeding your critical systems? Companies accumulate projects and data over time, and departments miscommunicate, which creates data that the company doesn’t know about. This is known as “Shadow Data”. Discovering all your data everywhere is a process you can carry out with IBM’s Data Security tool set.
This applies to your on-premises servers and it also applies to the cloud. We also design tools to help you find sensitive data, misconfigurations, vulnerabilities, suspicious data transactions, third-party access, and potentially improper data flows on major clouds like AWS, Google, and Azure… and in SaaS applications like Slack and Jira.
Acquire a simple interface for yourself and for your company to view every piece of sensitive data everywhere.
Protect: monitor and manage data requests
There are a variety of ways that you can protect your data. Here are a few key ones: Data Encryption, Encryption Key Management, and Data Protection.
Encrypting data protects us from ransomware:
Encrypt your data, making it unreadable to hackers and inaccessible to unauthorized users. Encrypting your data can even legally protect you from having to disclose a breach. This concept is known as “Safe Harbor”. Data encryption is the ability to transform data into an unreadable state via an encryption algorithm. Data decryption is the ability to convert that data back into a readable state. When you use an encryption tool, you gain the power to keep your data encrypted and decrypt it only when specific users and processes need to access it.
Encryption tools that encrypt at the software level give you the ability to establish access controls: making sure only the right people and the right processes (executables) have access to the data. If a user or a process is not on the clearance list, the data stays encrypted and a hacker will not be able to access it. You can encrypt specific files, specific folders, or even entire volumes! Additionally, you can set up specific rules for groups of users or even individuals. For example, make sure admins can see only encrypted versions of the data, make sure particular application users can see a cleartext version of the data, and make sure all other users don’t even have access to the folder! Ensure that only authorized processes/executables have access to your sensitive data, so that ransomware scripts can’t access it and, in turn, encrypt it! Data Encryption is a necessary part of securing your data.
With IBM, you can encrypt application logic, encrypt specific subsets of data within databases, encrypt containers, and add agents to intercept all read and write calls to your sensitive files.
Managing our Encryption Keys
When we encrypt, we are essentially putting locks on our data, on all of our servers, everywhere. So, to access the data we need a key to unlock it. Every time you encrypt a particular file, directory, or volume, you need a key to manage its encryption and decryption. At scale, you need thousands of keys for all your data, and managing all of them can be a nightmare!
We need a simplified, vendor-agnostic secure architecture to achieve this… and IBM provides it.
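The access-control and key-management model described above (rules per user group and per executable, admins seeing only ciphertext, keys kept apart from the data), written out as an added example. This is not IBM's code or a description of any IBM product; it is a simplified model of a file-encryption agent that intercepts reads to an encrypted volume, looks up the first matching rule, and returns cleartext, ciphertext, or a denial, while every decision is recorded for later shipment to a SIEM. The key store, the cipher construction, and all paths, groups and executables are assumptions made for the demonstration.

```python
"""Added example, not IBM's code: a model of a file-encryption agent that
intercepts read calls to an encrypted volume. Each request names the user, the
user's groups and the executable making the call; the first matching rule decides
whether the caller gets cleartext, sees only ciphertext, or is denied. Keys are
held per volume in a separate key store (a stand-in for an external key manager).
All names, paths and rules below are assumptions made for the demonstration.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass, field


class KeyStore:
    """One key per encrypted volume, addressed by key id; callers never hold the key."""

    def __init__(self) -> None:
        self._keys: dict = {}

    def create(self, key_id: str) -> str:
        self._keys[key_id] = os.urandom(32)
        return key_id

    def get(self, key_id: str) -> bytes:
        return self._keys[key_id]


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Counter-mode keystream derived with HMAC-SHA256 so the example needs only the
    # standard library; the same call encrypts and decrypts.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)          # fresh per file, stored in front of the ciphertext
    return nonce + _keystream_xor(key, nonce, plaintext)


def decrypt(key: bytes, blob: bytes) -> bytes:
    return _keystream_xor(key, blob[:16], blob[16:])


@dataclass
class Rule:
    path_prefix: str      # rule applies to files under this prefix
    groups: set           # caller must belong to one of these groups
    processes: set        # executable must be listed here ("*" = any executable)
    effect: str           # "cleartext", "ciphertext" or "deny"

    def matches(self, path: str, groups: set, process: str) -> bool:
        return (path.startswith(self.path_prefix)
                and bool(self.groups & groups)
                and ("*" in self.processes or process in self.processes))


@dataclass
class Volume:
    key_id: str
    files: dict = field(default_factory=dict)   # path -> encrypted blob


class EncryptionAgent:
    """Intercepts reads; rules are evaluated in order, and no match means deny."""

    def __init__(self, keystore: KeyStore, rules: list) -> None:
        self.keystore = keystore
        self.rules = rules
        self.volumes: dict = {}
        self.audit: list = []          # every decision, ready to ship to a SIEM

    def mount(self, mount_point: str, key_id: str) -> None:
        self.volumes[mount_point] = Volume(key_id=key_id)

    def _volume_for(self, path: str) -> Volume:
        mount = max((m for m in self.volumes if path.startswith(m)), key=len)
        return self.volumes[mount]

    def write(self, path: str, data: bytes) -> None:
        vol = self._volume_for(path)
        vol.files[path] = encrypt(self.keystore.get(vol.key_id), data)

    def read(self, user: str, groups: set, process: str, path: str):
        vol = self._volume_for(path)
        effect = next((r.effect for r in self.rules if r.matches(path, groups, process)), "deny")
        self.audit.append({"user": user, "process": process, "path": path, "effect": effect})
        if effect == "cleartext":
            return effect, decrypt(self.keystore.get(vol.key_id), vol.files[path])
        if effect == "ciphertext":
            return effect, vol.files[path]      # e.g. a backup job copies opaque bytes
        return effect, None


def build_demo_agent() -> EncryptionAgent:
    """Constructed setup: a patient-data volume, an EHR service that may read
    cleartext, and storage admins who may copy files but never see cleartext."""
    ks = KeyStore()
    rules = [
        Rule("/data/patients", {"ehr-app"}, {"/opt/ehr/ehr-service"}, "cleartext"),
        Rule("/data/patients", {"storage-admins"}, {"*"}, "ciphertext"),
    ]
    agent = EncryptionAgent(ks, rules)
    agent.mount("/data/patients", ks.create("vol-patients-key"))
    agent.write("/data/patients/records.csv", b"id,name,diagnosis\n1,Jane Doe,flu\n")
    return agent
```

Reading `/data/patients/records.csv` as the EHR service returns cleartext, reading it as a storage admin with any tool returns only the encrypted blob, and reading it from an executable that is on no rule is denied; the `audit` list is what the later Detect step would forward.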
Data Protection with rich telemetry
After we’ve discovered and encrypted our data, we can set the next mission: monitoring. Let’s monitor our data by analyzing the actions of every single user who accesses our structured databases, like credit card or healthcare databases. Implement the Zero Trust principle of least privilege: ensure that only the people who need the data have access to it.
Understand the scenarios that you don’t want to happen. After you know what you don’t want, set up rules to put these principles into play. Know what user groups need to access your data. Then, set up rules based on the different kinds of groups that users belong to. Are they admins, business users, or executives?
Create rules to ensure that users can’t export more than a certain amount of data based on their roles in your organization... or can’t access data sets at a particular time… or even that the data is masked in certain cases. You can also isolate users if they violate the rules you’ve designed to protect your databases. Data Protection works across applications, databases, big data, data warehouses, and file systems.
Create rules based on a variety of user attributes, and make sure these rules operate in real time with no impact on performance. Every time a user makes a request to one of your databases or unstructured file servers, you can read the properties of the request and make a decision on it.
Another important technique is to understand how your organization uses its data by understanding the data’s underlying patterns. Use those patterns to detect anomalies in user behavior. Send those anomalies to your SIEM and SOAR tools for fast actions, or if you absolutely know that the user is doing something bad, terminate their session and isolate them from the data! IBM Security Software is used by some of the world’s largest banks!
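The per-request rules described above (export caps by role, permitted hours, column masking, isolation of repeat violators), as an added example rather than IBM's code: a small rule engine that sits in front of a database and returns a decision for each request. The roles, tables, columns, thresholds and the two-strikes isolation policy are all constructed assumptions for the demonstration.

```python
"""Added example, not IBM's code: a rule engine that sits in front of a database
and decides every request in real time. Rules are keyed on role: export caps,
allowed hours, columns to mask, and isolation of users who keep violating them.
Roles, tables, columns and thresholds are assumptions for the demonstration.
"""
from dataclasses import dataclass, field

MASK_CHAR = "*"
ISOLATE_AFTER = 2        # violations before a user is cut off entirely

# Per-role policy (constructed): max rows an export may return (0 = no export),
# permitted hours of day, and columns the role may never see in clear.
POLICY = {
    "business-user": {"export_cap": 1000,  "hours": range(7, 20), "mask": {"card_number", "ssn"}},
    "analyst":       {"export_cap": 50000, "hours": range(0, 24), "mask": {"card_number", "ssn"}},
    "fraud-team":    {"export_cap": 50000, "hours": range(0, 24), "mask": set()},
    "dba":           {"export_cap": 0,     "hours": range(0, 24), "mask": {"card_number", "ssn"}},
}


@dataclass
class Request:
    user: str
    role: str
    action: str       # "select" or "export"
    table: str
    columns: list
    rows: int         # rows the query would return
    hour: int         # local hour of day, 0-23


@dataclass
class Decision:
    outcome: str              # "allow", "allow_masked", "block", "isolate"
    reason: str
    masked: set = field(default_factory=set)


class DataProtectionEngine:
    def __init__(self, policy: dict = POLICY) -> None:
        self.policy = policy
        self.violations: dict = {}
        self.isolated: set = set()
        self.log: list = []            # one line per decision, for the SIEM

    def _violation(self, req: Request, reason: str) -> Decision:
        count = self.violations.get(req.user, 0) + 1
        self.violations[req.user] = count
        if count >= ISOLATE_AFTER:
            self.isolated.add(req.user)
            return Decision("isolate", f"{reason}; violation #{count}, user isolated")
        return Decision("block", f"{reason}; violation #{count}")

    def decide(self, req: Request) -> Decision:
        d = self._decide(req)
        self.log.append((req.user, req.action, req.table, d.outcome, d.reason))
        return d

    def _decide(self, req: Request) -> Decision:
        if req.user in self.isolated:
            return Decision("block", "user is isolated pending review")
        rule = self.policy.get(req.role)
        if rule is None:
            return Decision("block", f"unknown role {req.role}")
        if req.hour not in rule["hours"]:
            return self._violation(req, f"access outside permitted hours ({req.hour}:00)")
        if req.action == "export" and req.rows > rule["export_cap"]:
            return self._violation(req, f"export of {req.rows} rows exceeds cap {rule['export_cap']}")
        masked = rule["mask"] & set(req.columns)
        if masked:
            return Decision("allow_masked", "sensitive columns masked", masked)
        return Decision("allow", "within policy")


def apply_mask(row: dict, masked: set) -> dict:
    """Mask all but the last four characters of each masked column value."""
    out = dict(row)
    for col in masked:
        value = str(out[col])
        out[col] = MASK_CHAR * max(len(value) - 4, 0) + value[-4:]
    return out
```

The engine is stateful on purpose: a business user whose oversized export is blocked and who then queries outside hours is isolated, and every later request is refused until someone reviews the case, which is the "isolate users" behaviour the paragraph describes.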
Comply: accelerate audits.
Audits and compliance can be complex and exhausting. To make sure that we are complying with strict regulations including HIPAA, GDPR, PCI-DSS, GLBA, and SOX, we need to create reports on sensitive data, user access, and overall usage.
We need to map the exact words in those high-complexity regulatory bodies of text to certain datapoints that exist in our data. Of course, we can only do this once we have discovered the sensitive data that our company is using to do business.
IBM has created templates for various compliance mandates that extract the data that you need for your audits. It maps the data to the precise language in the compliance mandates. It formats it cleanly and sends it over to the auditors for you. Improve your audit speeds by 80%! Auditors feel relief when they know a company uses IBM’s tools because they know that it’s simple and that everything gets exported. Our auditing automation capabilities are used by 4 out of the 5 Top Banks in the US and 6 out of the 10 Top Global Insurance Companies… and many other companies that value efficiency.
Detect: use granular information and send it up to your SIEM.
When it comes to detecting threats to data, yes, we can use the server logs, but those can be modified by attackers. Instead of logs, what we should be looking at is the exact nature of our users’ activity on that data. Use rich telemetry to detect threats and anomalies. IBM gives you the capability to store hardened, tamper-resistant records of all the requests made to your servers, and IBM can understand database languages and requests at a very granular level.
We can also set up our systems to use Machine Learning (ML) to capture anomalies in our users’ data usage. By connecting these ML capabilities to our LDAP, we can import our organization’s users. Once we have that very rich telemetry of what a user is doing with our database, we can detect threats. We can then set up policies to send information up to our SOC for remediation, terminate sessions, and isolate users, in real time... all depending on the severity of the activity being analyzed.
We can also collect logs from all the tools monitoring your data, such as encryption tools, vulnerability tools, monitoring tools, and more. Additionally, you can collect logs of users attempting to access your encrypted files, folders, and drives, and generate alerts from them to send to your SIEM. When you detect cloud or on-prem vulnerabilities and data flowing to the wrong places in your Discover step, you can send that information up to your SIEM too.
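The detection loop described above (a per-user baseline of normal database usage, anomalies scored against it, and a response that escalates with severity from a SIEM alert to terminating the session), as an added example rather than IBM's code. The telemetry is constructed inline, and the z-score thresholds, the sensitive-table list and the action names are assumptions for the demonstration.

```python
"""Added example, not IBM's code: builds a per-user baseline of how many rows each
user normally pulls from a database, scores new activity telemetry against it,
and turns outliers into alerts shaped for a SIEM, with the response escalating
with severity. Telemetry, thresholds and actions are constructed assumptions.
"""
import json
import statistics
from dataclasses import dataclass
from typing import Optional

MIN_BASELINE_EVENTS = 10
MEDIUM_Z = 3.0          # forward to the SIEM for analyst review
HIGH_Z = 6.0            # terminate the session and isolate the user
SENSITIVE_TABLES = {"patients", "cards"}


@dataclass
class Event:
    user: str
    table: str
    rows_returned: int
    hour: int           # local hour of day, 0-23


def build_baselines(history: list) -> dict:
    """Mean and standard deviation of rows_returned per user."""
    per_user: dict = {}
    for ev in history:
        per_user.setdefault(ev.user, []).append(ev.rows_returned)
    return {
        u: {"mean": statistics.mean(v), "stdev": statistics.pstdev(v), "n": len(v)}
        for u, v in per_user.items()
    }


def response_for(severity: str) -> str:
    return {"medium": "forward_to_siem", "high": "terminate_session_and_isolate"}[severity]


def score_event(baselines: dict, ev: Event) -> Optional[dict]:
    """Return an alert dict for anomalous events, None for normal ones."""
    base = baselines.get(ev.user)
    if base is None or base["n"] < MIN_BASELINE_EVENTS:
        return None                      # too little history to judge this user yet
    stdev = base["stdev"] or 1.0         # constant history: any change of 3+ rows is unusual
    z = (ev.rows_returned - base["mean"]) / stdev
    if z < MEDIUM_Z:
        return None
    severity = "high" if z >= HIGH_Z else "medium"
    # Pulling from a sensitive table outside business hours escalates the case.
    if ev.table in SENSITIVE_TABLES and not 7 <= ev.hour < 20:
        severity = "high"
    return {
        "user": ev.user, "table": ev.table, "hour": ev.hour,
        "rows_returned": ev.rows_returned, "baseline_mean": round(base["mean"], 1),
        "z_score": round(z, 2), "severity": severity, "action": response_for(severity),
    }


def to_siem(alert: dict) -> str:
    """Serialize as one JSON line, the shape most SIEM collectors ingest."""
    return json.dumps({"source": "data-activity-monitor", **alert}, sort_keys=True)


def constructed_history() -> list:
    """Thirty routine queries for alice (180-220 rows) and only three for bob."""
    hist = [Event("alice", "patients", 180 + (i % 5) * 10, 9 + (i % 8)) for i in range(30)]
    hist += [Event("bob", "cards", 40, 10) for _ in range(3)]
    return hist
```

With the constructed history, alice's baseline is 200 rows with a spread of about 14: a 230-row query is normal, a 260-row query produces a medium alert that is forwarded to the SIEM, and a 5000-row pull from the patients table at 02:00 is a high-severity alert whose action is to terminate the session. Bob has too little history to be scored at all, which is the honest answer for a new account rather than a false positive.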
By setting up Security tools to monitor your key data and the peripheral mechanisms that transfer it, you can send rich alerts from these tools to your SIEM, and get your issues resolved quickly.
Respond: be ready, be automated, and be fast.
Our SOC doesn’t need noise. It needs high-leverage insights. To respond fast, you need the best and most efficient detections... and you need to automate as much as you can. To get the best detections we need the best tools and rules. Another route to excellent detections is to set up Security tools that find vulnerabilities, misconfigurations, improper data flows, and shadow data… and then send those up to the SIEM, or respond directly in the Security tools you have set up. I can help you with tools that operate as knowledge bases: giving you the knowledge you need to remediate vulnerabilities.
One way you can respond to anomalies is by putting an agent on your server that checks every single data request coming in, ensures the request follows the rules, and then makes a decision. If it’s good: approved, with no impact on performance. If it’s bad: terminate the session or isolate the user from the data! You can only get that level of granularity on data requests when you put agents on your servers, and this is something I can help you implement.
Conclusion
The world's companies continue to use software and the power of computers to enhance their business. Businesses will only continue to add technology to their tool stacks.
IBM is globally known for its expertise in data protection. Please contact me to have an architectural and strategic conversation on how we can work together to help you protect your data.
To do more research, navigate to IBM's website and send me a message!
Digital Sales Management
7 months ago: Very informative
Creating Goals, Insights, and Direction for my Soccer Teammates
7 months ago: Amazing Matti! Thank you for sharing
Business & Finance Leader | Strategy, Transformation & Execution
7 months ago: Very informative! Ty
Storage Specialist @ IBM | |Data Resiliency and Distributed Storage | Storage modernization and HW Lifecycle Consultant
7 months ago: Great post! Though I'd personally add a sixth step: Recover. Fortunately that is an area that IBM has quite a bit of expertise in
Co-Founder at IARA, a clothing line of elevated basics made from 100% soft and breathable pima cotton. Born in Miami, made in Peru
7 months ago: Very helpful Matti! Do you have any advice for Iara? Let us know